The concept is that you drag and drop your mobile application file (an .apk or .ipa file) on the StaCoAn application and it will generate a visual and portable report for you. You can tweak the settings and wordlists to get a customized experience.

The reports contain a handy tree viewer so you can easily browse through your decompiled application.

Looting concept

The Loot Function lets you 'loot' (~bookmark) the findings which are of value to you, and on the loot-page you will get an overview of your 'loot' raid. The final report can be exported to a zip file and shared with other people.

Wordlists

The application uses wordlists for finding interesting lines in the code. Wordlists are in the following format:

Filetypes

Any source file will be processed. This includes '.java', '.js', '.html', '.xml',... files. Database files are also searched for keywords. The database also has a table viewer.
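The wordlist search over source lines and database contents described above can be sketched as follows. This is an added example, not StaCoAn's own code: the wordlist layout (one regex per line, `#` for comments), the function names and the sample inputs are all assumptions made for illustration.

```python
import re
import sqlite3

# Assumed wordlist layout (not StaCoAn's real format): one regex per line, '#' = comment.
WORDLIST = """\
# constructed sample wordlist
api[_-]?key
password
https?://[^\\s"']+
"""

# Constructed sample standing in for one decompiled source file.
SAMPLE_JAVA = ('String endpoint = "http://api.example.test/v1";\n'
               'int retries = 3;\n'
               'String API_KEY = "REPLACE_ME";\n')

def load_patterns(text):
    """Compile every non-empty, non-comment wordlist line as a case-insensitive regex."""
    lines = (ln.strip() for ln in text.splitlines())
    return [re.compile(ln, re.IGNORECASE) for ln in lines if ln and not ln.startswith("#")]

def scan_source(name, source, patterns):
    """Return (file, line number, pattern, line) for each source line a pattern matches."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        hits += [(name, lineno, p.pattern, line.strip()) for p in patterns if p.search(line)]
    return hits

def scan_database(conn, patterns):
    """Return (table, column, pattern, value) for each text cell a pattern matches."""
    hits = []
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # quote the identifier safely
        cur = conn.execute(f"SELECT * FROM {quoted}")
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, val in zip(cols, row):
                if isinstance(val, str):
                    hits += [(table, col, p.pattern, val) for p in patterns if p.search(val)]
    return hits

def demo():
    """Scan the constructed source and a constructed in-memory SQLite database."""
    patterns = load_patterns(WORDLIST)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE settings (k TEXT, v TEXT)")
    conn.executemany("INSERT INTO settings VALUES (?, ?)",
                     [("theme", "dark"), ("sync_url", "http://sync.example.test/upload")])
    return scan_source("Config.java", SAMPLE_JAVA, patterns), scan_database(conn, patterns)

if __name__ == "__main__":
    for hit in sum(demo(), []):
        print(hit)
```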

Responsive Design

The reports are made to fit on all screens.

Limitations

This tool will have trouble with obfuscated code. If you are a developer, try to compile without obfuscation turned on before running this tool. If you are on the offensive side, good luck bro.

Getting Started

If you want to get started as soon as possible, head over to the releases page and download the executable or archive which corresponds to your operating system. If you have downloaded the release zip file, extract it. Copy the .apk or .ipa file to the extracted folder. Drag and drop this file onto the executable. The report will now be generated in the report folder.